Authentication for the webservice is using a client certificate, a username and a password.The client certificate I received from the company behind the webservice is in.cer format.When I inspect the file using a text editor, it has the following contents.
The resulting file can be imported into a keystore (using the keytool command). When I list the entries in the keystore, this entry is of the type trustedCertEntry. Because of this entry type () I cannot use this certificate to authenticate with the webservice. Im beginning to think that the provided certificate is a public certificate which is being used for authentication. However I cannot expect my clients to perform these steps every time they receive a new certificate. The private key is provided with a.PFX keystore file normally. If you really authenticate is because you already had imported the private key. Only solution for now is to import the certificate in IE and export a.pfx file. You can use it as reference to identify it andor to retrieve it programatically by alias name. My understanding is that one needs create a CSR with a private key, then receive a client certificate from the remote website company and then match the client certificate to the private key. Your answer does not seem to mention anything about the private key. However it is imported as a trustedCertEntry and is not used when accessing the webservice. ![]() For this you need to create a certificate request; the process involves creating your own private key, and the corresponding public key, and attaching that public key along with some of your info (email, name, domain name, etc) to a file thats called the certificate request. Then you send that certificate request to the company thats already asked you for it, and they will create your certificate, by signing your public key with their private key, and theyll send you back an X509 file with your certificate, which you can now add to your keystore, and youll be ready to connect to a web service using SSL requiring client authentication. Send the resulting file to the company thats going to sign it. Just save this to the same folder as your certificate, and run it like so. Provide details and share your research But avoid Asking for help, clarification, or responding to other answers. Making statements based on opinion; back them up with references or personal experience. Not the answer youre looking for Browse other questions tagged java certificate keystore or ask your own question.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2020
Categories |